1. Field of the Invention
An object of the present invention is a system of payment by a money card or money-holding "wallet" card with electronic memory. It concerns essentially the field of computerized money systems where, to prevent the theft of money and also, above all, to simplify banking operations, electronic type payments are used by means of memory cards. It can be applied, however, in other fields, especially when pieces of digital information have to be conveyed, and when it is necessary to prevent the modification (or at least to know whether such modification has taken place) of these pieces of information between the place from which they have been transmitted by a transmitter and the instant when they are received by their true addressee.
2. Description of the Prior Art
There are known electronic payment systems in which a chip card is used. The chip card is characterized essentially by the presence of a microprocessor, which fulfils an obvious security role in the card. Such a microprocessor is capable of applying a complex algorithm for computing or verifying a secret code from a piece of identification data indicated to it. After the chip card has been introduced into a reader, if the secret code computed is not equivalent to the secret code already contained in the card, it becomes impossible to perform an operation with the card, since in this case the piece of identification data is known to be false. In one improvement, the number of operations or attempts made to arrive at the right secret code is even limited. For example, beyond three operations, the chip card falls into an output slot behind the chip card reader. It is not even restored to its user.
This system is satisfactory, especially in view of the use of DES (data encryption standard) type algorithms, the complexity of which is such that a fraudulent individual would need to work on them for several years in order to take their mechanism apart. The drawback of these chip cards, however, is that they must include the microprocessor and that, ultimately, their cost is then very high.
In the invention, these problems are resolved by the use of a memory card that does not necessarily have any microprocessor. Essentially, the memory card has at least four different types of zones. These zones may be made by different technologies (EPROM, EEPROM, etc.), provided that they are non-volatile. In a simplified form, the memory card of the invention even has zones that are all entirely readable. Only one of them is not re-recordable: the so-called identity zone, which pertains to the specific identity of the card and is designed to prevent two cards from being totally identical, with one of them being a clone of the other by duplication. The principle of the invention is as follows.
It is considered that, when a user uses his card and performs, for example, a banking operation, this operation can be counted. It is known, besides, that the object of a banking operation is to modify a balance. Besides, since the card is customized, it has specific indications concerning the identity of its bearer. As the case may be, the card may also have a secret access code known to the user. Under these conditions, each time the card is used, in the invention a digital signature is computed. This digital signature depends on the identity, the balance and the number of the banking operation performed. This identity, balance and number are furthermore recorded in three distinct zones of the card. This signature, which takes the form of a binary sequence of logic states, is also recorded in a particular zone of the memory card in the form of a certificate.
During a following operation, after standard operations, if necessary, for the validation of the bearer (wherein the bearer indicates his secret code and a reader ascertains that this secret code really corresponds to a secret code recorded in the card), the reader is made to compute a signature from the balance, the identity and the number of the operation recorded in the card. This computation of this signature is the same as the one that was likely to have been done at the time of recording of the signature as a certificate. Consequently, it can be ascertained that the new signature prepared is really the same one, or at least that it corresponds to the one recorded in the card.
If this is the case, an additional banking operation is authorized. At the end of this additional banking operation, a new signature is prepared from the new balance, the identity and the number of the new operation which, in the meantime, has been incremented by one unit to take account of the operation that has just been performed. This new signature is then recorded as a new certificate in the memory card, preferably in the place of the former one. Of course, the reader that computes the signature is provided with an indecipherable computation algorithm, preferably of the DES type. The result is that the same level of security is attained as with microprocessor-based cards, but the cards concerned are now only memory cards containing only memory zones, without necessarily including the microprocessor. They are less expensive.
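The verify, operate and re-certify cycle described above can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA-256 stands in for the DES-type algorithm held by the reader, and the key, card identifiers and all function and field names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed reader secret; in the text the reader holds a DES-type algorithm.
READER_KEY = b"constructed-demo-reader-key"

@dataclass
class MemoryCard:
    identity: bytes            # identity zone: readable, not re-recordable
    balance: int               # balance zone
    op_count: int              # operation-number zone
    certificate: bytes = b""   # certificate zone

def sign(identity: bytes, balance: int, op_count: int) -> bytes:
    """Reader-side signature over identity, balance and operation number."""
    # Length-prefixed, fixed-width fields: distinct triples never share an encoding.
    msg = (len(identity).to_bytes(2, "big") + identity
           + balance.to_bytes(8, "big") + op_count.to_bytes(8, "big"))
    return hmac.new(READER_KEY, msg, hashlib.sha256).digest()

def issue(identity: bytes, balance: int) -> MemoryCard:
    card = MemoryCard(identity, balance, 0)
    card.certificate = sign(card.identity, card.balance, card.op_count)
    return card

def verify(card: MemoryCard) -> bool:
    """Recompute the signature from the three zones and compare with the certificate."""
    expected = sign(card.identity, card.balance, card.op_count)
    return hmac.compare_digest(expected, card.certificate)

def debit(card: MemoryCard, amount: int) -> bool:
    """Check the certificate, apply the operation, then record the new certificate."""
    if amount <= 0 or not verify(card) or amount > card.balance:
        return False
    card.balance -= amount
    card.op_count += 1  # incremented by one unit per operation
    card.certificate = sign(card.identity, card.balance, card.op_count)
    return True

def demo() -> dict:
    card = issue(b"CARD-0001", 100)  # constructed identity and balance
    ok = debit(card, 30)
    # Balance zone rewritten while the old certificate is left in place.
    edited = MemoryCard(card.identity, 500, card.op_count, card.certificate)
    # All re-recordable zones copied onto a card whose identity zone differs.
    copied = MemoryCard(b"CARD-0002", card.balance, card.op_count, card.certificate)
    return {"debit_ok": ok, "balance": card.balance, "op_count": card.op_count,
            "edited_verifies": verify(edited), "copied_verifies": verify(copied),
            "edited_debit": debit(edited, 10)}

if __name__ == "__main__":
    print(demo())
```

Because the identity zone is part of the signed data and cannot be re-recorded, a certificate copied from another card fails verification, and any edit to the balance or operation number does the same.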